<?php
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//
// DLMan by Shedd Technologies International		  				//
// http://www.dlman.com | info@dlman.com							//
// Copyright 2003 by STI, All rights reserved.						//
// ---------------------------------------------------------------- //
// Usage of this software is governed by the terms of GPL. 	    	//
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//

/*
Reset and present user with new password.
*/
require_once("global.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
	<title>Lost Password Recovery</title>
<style type="text/css">
<!--
.prefinput{
	color: #333333;
	font-family: Verdana, Arial, Helvetica, sans-serif;
	font-size: 11px;
	font-weight: normal;
	border-color: #333333;
	text-indent: 2px; 
	border-top-width: 1px;
	border-right-width: 1px;
	border-bottom-width: 1px;
	border-left-width: 1px; 
	background: #f8f8f8;
}
.button {
	background-color: #F8F8F8;
	color: #333333;
	border-color: black;
	font-family: Verdana, Arial, Helvetica, sans-serif;
	font-size: 11px;
	font-weight : bold;
	border-top-width: 1px;
	border-right-width: 1px;
	border-bottom-width: 1px;
	border-left-width: 1px; 
}
-->
</style>
<script language="JavaScript" type="text/javascript">
//Verify password entry
function validForm(passForm){
	if(passForm.new_pass_one.value==""){
		alert("You must enter a password");
		passForm.new_pass_one.focus();
		return false
	}
	if(passForm.new_pass_one.value!=passForm.new_pass_two.value){
		alert("Entered passwords do NOT match");
		passForm.new_pass_one.focus();
		passForm.new_pass_one.select();
		return false
	}
	return true
}//end validForm()
</script>
</head>
<?php
if(!isset($stage)){
?>
<body>
<form action="<?php print $PHP_SELF; ?>" method="post">
<P><FONT face=Verdana size=2>Enter Username: <INPUT class=prefinput size=15 name=user5 type=text></FONT></P>
<input type="hidden" name="stage" value="1">
<input type="submit" name="Submit" value="Proceed" class="button">
</form>
<?php
}
elseif($stage=="1"){
	//verify user exists
	$sql="SELECT ".$config->field['username']." FROM ".$config->dt['user']." WHERE ".$config->field['username']."='".$Suser."'";
	$result=mysql_query($sql);
	$users=mysql_num_rows($result);
	if($user!=1){
		die("Invalid Username!");
	}
?>
<body>
<form action="<?php print $PHP_SELF; ?>" method="post">
Do you want to proceed?&nbsp;<input type="checkbox" name="continue" value="yes" class=prefinput>
<p><b>Opting to proceed will reset your password!</b></p>
<input type="hidden" name="stage" value="2">
<input type="hidden" name="user5" value="<?php print $user5; ?>">
<input type="hidden" name="pass567890" value="<?php print make_password(8); ?>">
<input type="submit" name="Submit" value="Change" class="button">
</form>
<?php
}
elseif($stage=="2"){
	//third step:
		//make change, close button, run main window refresh
		if($continue=="yes"){
			//do db change
			if($config->password=="md5"){
				$sql="UPDATE ".$config->dt['user']." SET ".$config->field['password']."='".md5($pass567890)."' WHERE ".$config->field['username']."='$user5';";
			}
			else{
				$sql="UPDATE ".$config->dt['user']." SET ".$config->field['password']."='".$pass567890."' WHERE ".$config->field['username']."='$user5';";
			}
			
			if(!$result=mysql_query($sql)){
				print "<p>Error in updating data!<br>";
				print mysql_error();
				print '<br><a href="';
				print $PHP_SELF;
				print '">Click Here to try again</a><br><br>';
				print "$sql</p>";
			}//end error
			else{
				//pull sales department address
				$sql="SELECT sales_address FROM ".$config->dt['settings']."";
				$result=mysql_query($sql);
				while($value=mysql_fetch_array($result)){
					$from=$value['sales_address'];
					$cc=$value['sales_address'];
				}
				
				//pull user email
				$sql="SELECT ".$config->field['email']." FROM ".$config->dt['user']." WHERE ".$config->field['username']."='$user5';";
				$result=mysql_query($sql);
				$value=mysql_fetch_array($result);
				
				//pull email
				$sql="SELECT mail_lostpass FROM ".$config->dt['settings']."";
				$result=mysql_query($sql);
				while($value=mysql_fetch_array($result)){
					$body=$value['mail_passchg'];
				}
				
				//MAIL PASSWORD TO USER
					/* recipients */
						$to 		= $value[$config->field['email']];
					/* subject */
						$subject 	= "New Password";
					/* message */
						$message 	= parse($body,$pass567890);
					/* additional headers */
						$headers 	= "From: $from\r\n";//from has already been defined
						$headers 	.= "Cc: $cc\r\n";//$cc has already been defined
					/* send the mail */
					if(!mail($to, $subject, $message, $headers)) print "<P><b>Unable To Send New Password to User!</b></P>";
			}
		}
	//print HTML
	?>
<body>
<b>The password modification has been completed.</b><br>
<form method="post">
<input type="button" value="Close" class="button" onclick="window.close()">
</form>
	<?php
}
?>
</body>
</html>
<?php
function make_password($length){
    $vowels = 'aeiouyAEIOUY';
    $consonants = 'bdghjlmnpqrstvwxzBDGHJLMNPQRSTVWXZ';
    $password = '';
    
    $alt = time() % 2;
    srand(time());

    for ($i = 0; $i < $length; $i++) {
        if ($alt == 1) {
            $password .= $consonants[(rand() % 17)];
            $alt = 0;
        } else {
            $password .= $vowels[(rand() % 6)];
            $alt = 1;
        }
    }
    return $password;
}

function parse($code,$password){
	global $PHP_SELF,$config;
	$code=str_replace("%PASSWORD%",$password,$code);//Password
	$code=str_replace("%SALESEMAIL%",$config->cs['sales_address'],$code);//Sales Department Email Address
	$code=str_replace("%URL%",$config->cs['forum_url'],$code);//Member Area URL
	$code=str_replace("%NAME%",$config->cs['forum_title'],$code);//Merchant Name
	$code=str_replace("%NL%",'\n',$code);//New Line Codes
	return $code;
}
?>
